Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / d7f59dc4642ce2fc7b79fcd4ec02ffce7f21eb02^! / .
commitd7f59dc4642ce2fc7b79fcd4ec02ffce7f21eb02[log] [tgz]
authorPaul Moore <paul.moore@hp.com>Fri Feb 27 15:00:03 2009 -0500
committerJames Morris <jmorris@namei.org>Mon Mar 02 09:30:04 2009 +1100
tree1557550ed6478a38cc04ad480a5977580d97b5cd
parent778ef1e6cbb049c9bcbf405936ee6f2b6e451892 [diff]
selinux: Fix a panic in selinux_netlbl_inode_permission()

Rick McNeal from LSI identified a panic in selinux_netlbl_inode_permission()
caused by a certain sequence of SUNRPC operations.  The problem appears to be
due to the lack of NULL pointer checking in the function; this patch adds the
pointer checks so the function will exit safely in the cases where the socket
is not completely initialized.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index 3f4b266..350794a 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c

@@ -386,11 +386,12 @@
 	if (!S_ISSOCK(inode->i_mode) ||
 	    ((mask & (MAY_WRITE | MAY_APPEND)) == 0))
 		return 0;
-
 	sock = SOCKET_I(inode);
 	sk = sock->sk;
+	if (sk == NULL)
+		return 0;
 	sksec = sk->sk_security;
-	if (sksec->nlbl_state != NLBL_REQUIRE)
+	if (sksec == NULL || sksec->nlbl_state != NLBL_REQUIRE)
 		return 0;
 
 	local_bh_disable();